An industry-wide, hardware-based security vulnerability was disclosed yesterday that impacted Intel chipsets. So far, the three known variants of the issue are:
- Variant 1 (Spectre): bounds check bypass (CVE-2017-5753)
- Variant 2 (Spectre): branch target injection (CVE-2017-5715)
- Variant 3 (Meltdown): rogue data cache (CVE-2017-5754)
PrecisionLender, in conjunction with Microsoft Azure, has taken active steps to ensure that no Azure customer is exposed to these vulnerabilities. At the time of this blog post, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack Azure customers.
Our Azure infrastructure has been updated to address this vulnerability.
For our customers: Microsoft has worked to optimize the CPU and disk I/O path and are not seeing noticeable performance impact after the fix has been applied. No update or action is required on your side.
If you have further questions or concerns regarding this issue, please let us know and we will get back to you quickly.
EVP, Trust & Security